015 package com.liferay.portal.kernel.servlet;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.BasePortalLifecycle;
020 import com.liferay.portal.kernel.util.GetterUtil;
021 import com.liferay.portal.kernel.util.PropsKeys;
022 import com.liferay.portal.kernel.util.PropsUtil;
023
024 import java.io.Serializable;
025
026 import javax.servlet.ServletContext;
027 import javax.servlet.http.HttpSession;
028 import javax.servlet.http.HttpSessionAttributeListener;
029 import javax.servlet.http.HttpSessionBindingEvent;
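/**
 * Session attribute listener that flags values which cannot be serialized.
 *
 * <p>
 * When verification is enabled, every value added to (or replacing a value
 * in) an {@link HttpSession} is checked for {@link Serializable}. A value
 * that fails the check is logged at error level. If the servlet context init
 * parameter {@code session-attributes-requires-serializable} is true, the
 * attribute is also removed from the session.
 * </p>
 *
 * <p>
 * Verification is switched on by the portal property
 * {@code PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE} (default
 * {@code true}), which is read in {@link #doPortalInit()}. Until that method
 * has run the flag is {@code false} and no attribute is checked.
 * </p>
 *
 * <p>
 * The check is shallow. A class that implements {@code Serializable} but
 * holds a non-serializable field passes here and can still fail when the
 * session is actually written out, so this listener is a diagnostic aid and
 * not a guarantee that the session can be replicated.
 * </p>
 */
public class SerializableSessionAttributeListener
    extends BasePortalLifecycle implements HttpSessionAttributeListener {

    /**
     * Verifies that the value carried by the event is serializable.
     *
     * <p>
     * A non-serializable value is logged, and removed from the session when
     * the servlet context requires serializable session attributes.
     * </p>
     *
     * @param httpSessionBindingEvent the event describing the attribute
     */
    public void attributeAdded(
        HttpSessionBindingEvent httpSessionBindingEvent) {

        if (!_sessionVerifySerializableAttribute) {
            return;
        }

        Object value = httpSessionBindingEvent.getValue();

        // "null instanceof Serializable" is false, so without this guard a
        // null value would reach value.getClass() and throw a
        // NullPointerException inside the container's listener dispatch.

        if ((value == null) || (value instanceof Serializable)) {
            return;
        }

        Class<?> clazz = value.getClass();

        _log.error(
            clazz.getName() +
                " is not serializable and will prevent this session from " +
                    "being replicated");

        HttpSession session = httpSessionBindingEvent.getSession();

        // Resolved lazily from the first session seen and then cached. The
        // field is not synchronized; concurrent first calls compute the same
        // value from the same init parameter, so the race is benign.

        if (_requiresSerializable == null) {
            ServletContext servletContext = session.getServletContext();

            _requiresSerializable = Boolean.valueOf(
                GetterUtil.getBoolean(
                    servletContext.getInitParameter(
                        "session-attributes-requires-serializable")));
        }

        if (_requiresSerializable) {
            session.removeAttribute(httpSessionBindingEvent.getName());
        }
    }

    /**
     * Does nothing; removing an attribute needs no verification.
     *
     * @param httpSessionBindingEvent the event describing the attribute
     */
    public void attributeRemoved(
        HttpSessionBindingEvent httpSessionBindingEvent) {
    }

    /**
     * Verifies the value that replaced an existing session attribute.
     *
     * <p>
     * For a replace notification
     * {@link HttpSessionBindingEvent#getValue()} returns the <em>old</em>
     * value, so forwarding the event unchanged would re-check the value that
     * was just overwritten and let a non-serializable replacement through.
     * The current value is therefore read back from the session and passed
     * to {@link #attributeAdded(HttpSessionBindingEvent)} in a fresh event.
     * </p>
     *
     * @param httpSessionBindingEvent the event describing the attribute
     */
    public void attributeReplaced(
        HttpSessionBindingEvent httpSessionBindingEvent) {

        // Skip the session lookup entirely when verification is off.

        if (!_sessionVerifySerializableAttribute) {
            return;
        }

        HttpSession session = httpSessionBindingEvent.getSession();
        String name = httpSessionBindingEvent.getName();

        attributeAdded(
            new HttpSessionBindingEvent(
                session, name, session.getAttribute(name)));
    }

    /**
     * Does nothing; this listener holds no resources to release.
     */
    @Override
    protected void doPortalDestroy() throws Exception {
    }

    /**
     * Reads the portal property that enables serializable verification,
     * defaulting to {@code true} when the property is not set.
     */
    @Override
    protected void doPortalInit() throws Exception {
        _sessionVerifySerializableAttribute = GetterUtil.getBoolean(
            PropsUtil.get(PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE),
            true);
    }

    private static final Log _log = LogFactoryUtil.getLog(
        SerializableSessionAttributeListener.class);

    // Cached value of the "session-attributes-requires-serializable" init
    // parameter; null until the first non-serializable value is seen.
    private Boolean _requiresSerializable;

    // False until doPortalInit() has run, which disables all checks.
    private boolean _sessionVerifySerializableAttribute;

}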